Description
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised, as it is interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary JavaScript code in the context of the user's browser session.
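An added example of the flaw class described above, not Deluge's own code and not taken from the linked changesets: a torrent's `name` field is decoded from bencode and placed into markup, first as-is and then HTML-escaped. The function names, the table-cell markup and the sample torrent (which carries only harmless `<b>` tags) are constructed for illustration.

```javascript
// Added example; names and sample data are constructed, not taken from Deluge.
// Minimal bencode decoder (ASCII input only): returns [value, nextIndex].
function bdecode(s, i = 0) {
  const c = s[i];
  if (c === 'i') {                                  // integer: i<digits>e
    const end = s.indexOf('e', i);
    if (end < 0) throw new Error('malformed bencode');
    return [parseInt(s.slice(i + 1, end), 10), end + 1];
  }
  if (c === 'l' || c === 'd') {                     // list l...e or dict d...e
    const items = [];
    for (i += 1; s[i] !== 'e'; ) {
      if (i >= s.length) throw new Error('malformed bencode');
      const [value, next] = bdecode(s, i);
      items.push(value);
      i = next;
    }
    if (c === 'l') return [items, i + 1];
    const dict = Object.create(null);               // no inherited keys
    for (let k = 0; k + 1 < items.length; k += 2) dict[items[k]] = items[k + 1];
    return [dict, i + 1];
  }
  const colon = s.indexOf(':', i);                  // string: <length>:<bytes>
  const len = parseInt(s.slice(i, colon), 10);
  if (colon < 0 || !(len >= 0) || colon + 1 + len > s.length) {
    throw new Error('malformed bencode');
  }
  return [s.slice(colon + 1, colon + 1 + len), colon + 1 + len];
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: torrent metadata concatenated into markup unchanged.
function renderNameUnsafe(info) {
  return '<td class="name">' + info.name + '</td>';
}

// Hardened pattern: every torrent-derived string is escaped before it reaches HTML.
function renderNameSafe(info) {
  return '<td class="name">' + escapeHtml(info.name) + '</td>';
}

// Constructed sample torrent whose name contains markup.
const SAMPLE_TORRENT = 'd4:infod6:lengthi1e4:name15:<b>not text</b>ee';
```

The same escaping applies to every other string that originates in the torrent file, not only `name`.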
Packages
| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| deluge | fixed | 2.1.1-1 | experimental | package |
| deluge | fixed | 2.1.1-4 | | package |
| deluge | no-dsa | | bookworm | package |
| deluge | no-dsa | | bullseye | package |
| deluge | no-dsa | | buster | package |
Notes
https://dev.deluge-torrent.org/ticket/3459
https://dev.deluge-torrent.org/changeset/8ece03677
https://dev.deluge-torrent.org/changeset/a5503c0c606
Related vulnerabilities
Deluge Web-UI vulnerable to XSS through a crafted torrent file